[Question title]: tcps oracle tomcat thin driver not working
[Posted]: 2020-03-22 04:21:18
[Question description]:

I need help setting up a new environment

Tomcat (wallet + JDBC thin driver) --> TCPS --> Oracle 12

I have been following this post (Oracle JDBC thin driver SSL) with no luck

When I try to start Tomcat, the following error is shown

Caused by: java.security.SignatureException: Signature length not   correct: got 256 but was expecting 128
    at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
    at java.security.Signature$Delegate.engineVerify(Signature.java:1219)

I think I am missing something, but I don't know where..

Oracle side

listener.ora

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /u01/app/oracle/wallet)
    )
  )

SSL_CLIENT_AUTHENTICATION = FALSE

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 72795752816f)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 72795752816f)(PORT = 2484))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle

sqlnet.ora

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /u01/app/oracle/wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_RC4_128_SHA,     SSL_RSA_WITH_RC4_128_MD5)

SQLNET.WALLET_OVERRIDE = TRUE

Tomcat side

tnsnames.ora

TEST =
 (DESCRIPTION =
  (ADDRESS = 
    (PROTOCOL = TCPS)
    (HOST = 72795752816f)
    (PORT = 2484)
  )
   (CONNECT_DATA = 
    (SERVER = DEDICATED) 
    (SERVICE_NAME = xe.oracle.docker)   
   )
 )

context.xml

<Resource name="jdbc/edorasone" auth="Container"
          type="javax.sql.DataSource"     driverClassName="oracle.jdbc.OracleDriver"
      url="jdbc:oracle:thin:/@TEST"
  connectionProperties="javax.net.ssl.keyStore=/tomcat/wallet/cwallet.sso;\
javax.net.ssl.keyStoreType=PCKS12;\
oracle.net.ssl_version=1.0;\
oracle.net.ssl_cipher_suites=(SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5);\
oracle.net.authentication_services=( TCPS )"
/>

By the way: if I use the sqlplus client in Tomcat with sqlnet.ora (=Oracle) and tnsnames.ora (=Tomcat), I can connect without any problem.

[Comments]:

    Tags: oracle tomcat driver thin


    [Answer 1]:

    (a) Do you have the additional jars required for using Oracle Wallet? (oraclepki.jar, osdt_core.jar, osdt_cert.jar)
    (2) Correct javax.net.ssl.keyStoreType=PKCS12. You have a typo.
    (3) The DB URL should be "jdbc:oracle:thin:@TEST". Since you are using an alias, you need to set a system property -Doracle.net.tns_admin=

    See the SSL with JDBC whitepaper for more details.

    [Comments]:

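      [Answer 2]:

      Thank you very much for your help. a) Yes, they are in place b) It works with PCKS12 c) tns_admin went into the setenv.sh script

      Finally my setup is working now.

      SSL_CIPHER_SUITES must match on both sides, so what I did was force the same cipher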

      sqlnet.ora

       SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)
      

      setenv.sh

      CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA " 
      

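      (Note that the prefixes differ: SSL_ on the Oracle side, TLS_ on the Tomcat/Java side)

      For those with similar configuration problems, I leave my Tomcat configuration here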

      ###############################
      # DB CONNECTION CONFIGURATION #
      ###############################
      # Oracle DB (JNDI)
      CATALINA_OPTS+=" -Dspring.profiles.active=database-jndi "
      CATALINA_OPTS+=" -Doracle.net.tns_admin=/tomcat/wallet "
      CATALINA_OPTS+=" -Djavax.net.ssl.keyStore=/tomcat/wallet/keystore.jks "
      CATALINA_OPTS+=" -Djavax.net.ssl.keyStoreType=JKS "
      CATALINA_OPTS+=" -Djavax.net.ssl.keyStorePassword=Passw0rd  "
      CATALINA_OPTS+=" -Djavax.net.ssl.trustStore=/tomcat/wallet/truststore.jks  "    
      CATALINA_OPTS+=" -Djavax.net.ssl.trustStorePassword=Passw0rd  "                 
      CATALINA_OPTS+=" -Doracle.net.authentication_services=TCPS   "
      CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
      

      context.xml

      <Resource name="jdbc/efdesone" auth="Container"
            type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
            url="jdbc:oracle:thin:/@TEST"
        username="<username>" password="<password>" maxActive="20" maxIdle="10" maxWait="-1"
      />
      

      Kind regards

      Nacho.

      [Comments]:
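
The cipher-suite matching described in Answer 2 can be checked before restarting Tomcat. The following is an added example, not code from the original posts: it compares SSL_CIPHER_SUITES from sqlnet.ora with oracle.net.ssl_cipher_suites from setenv.sh or connectionProperties, ignoring the SSL_/TLS_ prefix as the answer notes. The function names, the weak-suite list and the sample strings are assumptions constructed from values quoted in this thread.

```python
import re

# Assumed policy list: name fragments treated as weak (RC4 is prohibited by RFC 7465).
WEAK = re.compile(r"RC4|MD5|3DES|_DES_|NULL|EXPORT|ANON")

def suites(text, key):
    """Return the suite names assigned to `key`; assumes the value sits on one line."""
    m = re.search(re.escape(key) + r"\s*=\s*([^\n\";]*)", text, re.I)
    return re.findall(r"\b(?:SSL|TLS)_\w+", m.group(1).upper()) if m else []

def normalize(name):
    """Drop the SSL_/TLS_ prefix so Oracle Net and Java names compare equal."""
    return re.sub(r"^(?:SSL|TLS)_", "", name)

def check(sqlnet_text, client_text):
    """Compare listener-side and JDBC-side suites; report overlap and weak entries."""
    srv = suites(sqlnet_text, "SSL_CIPHER_SUITES")
    cli = suites(client_text, "oracle.net.ssl_cipher_suites")
    common = sorted({normalize(s) for s in srv} & {normalize(c) for c in cli})
    weak = sorted({s for s in srv + cli if WEAK.search(s)})
    return {"server": srv, "client": cli, "common": common, "weak": weak}

# Constructed sample inputs, built from the values quoted in this thread.
SQLNET_QUESTION = (
    "SSL_CLIENT_AUTHENTICATION = FALSE\n"
    "SSL_CIPHER_SUITES = (SSL_RSA_WITH_RC4_128_SHA,     SSL_RSA_WITH_RC4_128_MD5)\n"
)
SQLNET_ANSWER = "SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)\n"
SETENV_ANSWER = (
    'CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "\n'
)

if __name__ == "__main__":
    cases = [
        ("answer sqlnet.ora + answer setenv.sh", SQLNET_ANSWER, SETENV_ANSWER),
        ("question sqlnet.ora + answer setenv.sh", SQLNET_QUESTION, SETENV_ANSWER),
    ]
    for label, srv_text, cli_text in cases:
        result = check(srv_text, cli_text)
        status = "OK" if result["common"] else "NO COMMON SUITE"
        print(f"{label}: {status}")
        print(f"  common: {result['common']}")
        print(f"  weak:   {result['weak']}")
```

An empty `common` list means the two sides share no suite name, and any entry in `weak` deserves review even when the two sides match.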
